WO2005101720A3 - Method and system for distinguishing network threats from false positives - Google Patents

Method and system for distinguishing network threats from false positives

Info

Publication number
WO2005101720A3
Authority
WO
WIPO (PCT)
Prior art keywords
distinguishing
threats
security threats
false positives
network threats
Prior art date
Application number
PCT/US2005/010358
Other languages
French (fr)
Other versions
WO2005101720A2 (en)
Inventor
Anil Jagdish Chawla
David Perry Greene
Klaus Julisch
Aaron Edward Fredrick Rankin
Jonathan Michael Seeber
Rhys Ulerich
Original Assignee
Ibm
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ibm
Priority to JP2007507357A (JP4808703B2)
Priority to CA2562358A (CA2562358C)
Priority to EP05730339A (EP1741223B1)
Priority to AT05730339T (ATE470301T1)
Priority to DE602005021630T (DE602005021630D1)
Publication of WO2005101720A2
Publication of WO2005101720A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)
  • Measurement Of Resistance Or Impedance (AREA)
  • Investigating Or Analyzing Materials By The Use Of Electric Means (AREA)

Abstract

An apparatus, a method, and a computer program are provided for distinguishing relevant security threats. With conventional computer systems, distinguishing actual security threats from apparent ones (false positives) is a complex and difficult task because of the general inability to quantify a “threat”. By the use of an intelligent conceptual clustering technique, threats can be accurately distinguished from benign behaviors. Thus, electronic commerce, and Information Technology systems generally, can be made safer without sacrificing efficiency.

Priority Applications (5)

Application Number Priority Date Filing Date Title
JP2007507357A JP4808703B2 (en) 2004-04-08 2005-03-29 Method and system for identifying related network security threats using improved intrusion detection audit and comparison of intelligent security analysis
CA2562358A CA2562358C (en) 2004-04-08 2005-03-29 Method and system for distinguishing relevant network security threats using comparison of refined intrusion detection audits and intelligent security analysis
EP05730339A EP1741223B1 (en) 2004-04-08 2005-03-29 Method, apparatus and computer program for distinguishing relevant network security threats using comparison of refined intrusion detection audits and intelligent security analysis
AT05730339T ATE470301T1 (en) 2004-04-08 2005-03-29 METHOD, APPARATUS AND COMPUTER PROGRAM FOR DISTINGUISHING RELEVANT NETWORK SECURITY THREATS USING A COMPARISON OF REFINED INTRUSION DETECTION AUDITS AND INTELLIGENT SECURITY ANALYSIS
DE602005021630T DE602005021630D1 (en) 2004-04-08 2005-03-29 METHOD, DEVICE AND COMPUTER PROGRAM FOR DISTINGUISHING RELEVANT NETWORK SECURITY THREATS USING A COMPARISON OF REFINED INTRUSION DETECTION AUDITS AND INTELLIGENT SECURITY ANALYSIS

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/821,042 US7406606B2 (en) 2004-04-08 2004-04-08 Method and system for distinguishing relevant network security threats using comparison of refined intrusion detection audits and intelligent security analysis

Publications (2)

Publication Number Publication Date
WO2005101720A2 (en) 2005-10-27
WO2005101720A3 (en) 2006-12-21

Family

ID=35062061

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/010358 WO2005101720A2 (en) 2004-04-08 2005-03-29 Method and system for distinguishing network threats from false positives

Country Status (10)

Country Link
US (1) US7406606B2 (en)
EP (1) EP1741223B1 (en)
JP (1) JP4808703B2 (en)
KR (1) KR101013264B1 (en)
CN (1) CN100456258C (en)
AT (1) ATE470301T1 (en)
CA (1) CA2562358C (en)
DE (1) DE602005021630D1 (en)
TW (1) TWI335504B (en)
WO (1) WO2005101720A2 (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060101516A1 (en) * 2004-10-12 2006-05-11 Sushanthan Sudaharan Honeynet farms as an early warning system for production networks
KR100891329B1 (en) 2007-01-26 2009-03-31 삼성전자주식회사 Semiconductor device and method of fabricating the same
FR2918813B1 (en) * 2007-07-12 2012-11-16 Augier S A "SYSTEM FOR MANAGING A LIGHTING NETWORK"
EP2040435B1 (en) * 2007-09-19 2013-11-06 Alcatel Lucent Intrusion detection method and system
US20090297043A1 (en) * 2008-05-28 2009-12-03 International Business Machines Corporation Pattern scanner and editor for security audit systems
KR101394591B1 (en) * 2012-11-23 2014-05-12 건국대학교 산학협력단 Method, system and computer-readable recording medium for detecting intrusion of network
LT3095034T (en) 2014-10-21 2019-09-25 IronNet Cybersecurity, Inc. Cybersecurity system
US10476947B1 (en) 2015-03-02 2019-11-12 F5 Networks, Inc Methods for managing web applications and devices thereof
US11616806B1 (en) 2015-05-08 2023-03-28 F5, Inc. Methods for protecting web based resources from D/DoS attacks and devices thereof
US9923910B2 (en) 2015-10-05 2018-03-20 Cisco Technology, Inc. Dynamic installation of behavioral white labels
US10834110B1 (en) * 2015-12-18 2020-11-10 F5 Networks, Inc. Methods for preventing DDoS attack based on adaptive self learning of session and transport layers and devices thereof
US10397250B1 (en) 2016-01-21 2019-08-27 F5 Networks, Inc. Methods for detecting remote access trojan malware and devices thereof
PL3338205T3 (en) 2016-07-14 2019-10-31 Ironnet Cybersecurity Inc Simulation and virtual reality based cyber behavioral system
US10432652B1 (en) 2016-09-20 2019-10-01 F5 Networks, Inc. Methods for detecting and mitigating malicious network behavior and devices thereof
US11038869B1 (en) 2017-05-12 2021-06-15 F5 Networks, Inc. Methods for managing a federated identity environment based on application availability and devices thereof
US10931691B1 (en) 2017-10-09 2021-02-23 F5 Networks, Inc. Methods for detecting and mitigating brute force credential stuffing attacks and devices thereof
US11539740B1 (en) 2018-02-02 2022-12-27 F5, Inc. Methods for protecting CPU during DDoS attack and devices thereof
US11349981B1 (en) 2019-10-30 2022-05-31 F5, Inc. Methods for optimizing multimedia communication and devices thereof

Citations (1)

Publication number Priority date Publication date Assignee Title
US20040073800A1 (en) * 2002-05-22 2004-04-15 Paragi Shah Adaptive intrusion detection system

Family Cites Families (6)

Publication number Priority date Publication date Assignee Title
US6088804A (en) * 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
US6282546B1 (en) * 1998-06-30 2001-08-28 Cisco Technology, Inc. System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment
US7574740B1 (en) * 2000-04-28 2009-08-11 International Business Machines Corporation Method and system for intrusion detection in a computer network
CA2424352A1 (en) * 2000-05-28 2001-12-06 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US7437762B2 (en) * 2001-11-29 2008-10-14 International Business Machines Corporation Method, computer program element and a system for processing alarms triggered by a monitoring system
JP3609382B2 (en) * 2002-03-22 2005-01-12 日本電信電話株式会社 Distributed denial of service attack prevention method, gate device, communication device, and program

Also Published As

Publication number Publication date
CN1961323A (en) 2007-05-09
CA2562358A1 (en) 2005-10-27
EP1741223A2 (en) 2007-01-10
JP4808703B2 (en) 2011-11-02
EP1741223B1 (en) 2010-06-02
ATE470301T1 (en) 2010-06-15
KR20070008611A (en) 2007-01-17
DE602005021630D1 (en) 2010-07-15
TW200613969A (en) 2006-05-01
EP1741223A4 (en) 2008-07-23
WO2005101720A2 (en) 2005-10-27
US20050229253A1 (en) 2005-10-13
CA2562358C (en) 2014-03-25
JP2007533001A (en) 2007-11-15
CN100456258C (en) 2009-01-28
TWI335504B (en) 2011-01-01
KR101013264B1 (en) 2011-02-11
US7406606B2 (en) 2008-07-29

Similar Documents

Publication Publication Date Title
WO2005101720A3 (en) Method and system for distinguishing network threats from false positives
Manoharan et al. Revolutionizing Cybersecurity: Unleashing the Power of Artificial Intelligence and Machine Learning for Next-Generation Threat Detection
CN112738126A (en) Attack tracing method based on threat intelligence and ATT & CK
EP1417603A4 (en) Automated computer system security compromise
WO2010049273A3 (en) System, method and program product for detecting presence of malicious software running on a computer system
CN103428196A (en) URL white list-based WEB application intrusion detecting method and apparatus
WO2007070676A3 (en) Systems and methods for social mapping
WO2007060664A3 (en) System and method of managing data protection resources
DE60321972D1 (en) METHOD AND SYSTEM FOR DETECTING UNAUTHORIZED USE OF A COMMUNICATION NETWORK
WO2001084775A3 (en) System and method for managing security events on a network
CN103905459A (en) Cloud-based intelligent security defense system and defense method
Bui et al. Agriculture 4.0 and beyond: Evaluating cyber threat intelligence sources and techniques in smart farming ecosystems
CN106845237A (en) A kind of SQL injection methods of risk assessment based on SQL statement
CN102693236A (en) Bad information filtering method based on content understanding
Avcı et al. Predicting DDoS Attacks Using Machine Learning Algorithms in Building Management Systems
CN105740709A (en) Authority combination-based Android malicious software detection method
Park et al. Current Status and Analysis of Domestic Security Monitoring Systems
CN103701821B (en) File type identification method and device
Jeon et al. Using the SIEM Software vulnerability detection model proposed
Ko et al. Application of Integrated Security Control of Artificial Intelligence Technology and Improvement of Cyber-Threat Response Process
Pan et al. [Retracted] Simulation of Dynamic User Network Connection Anti‐Interference and Security Authentication Method Based on Ubiquitous Internet of Things
WO2008031078A3 (en) Method of performing software updates (installations), on networked 32/64-bit microsoft computers in an automated environment without introducing a possible security threat
Kang et al. Cybertrap: Unknown Attack Detection System based on Virtual Honeynet
Schiaffino et al. Detecting Zero-Day Vulnerabilities in CMS Platforms: An In-depth Analysis Using DeepLog.
Wang et al. IGXSS: XSS payload detection model based on inductive GCN

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1020067020202

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 200580010457.X

Country of ref document: CN

WWE Wipo information: entry into national phase

Ref document number: 2007507357

Country of ref document: JP

Ref document number: 2562358

Country of ref document: CA

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

WWE Wipo information: entry into national phase

Ref document number: 2005730339

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2005730339

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020067020202

Country of ref document: KR